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© Low power security mode for a cellular telephone. 



© A security module for use in a cellular telephone 
(9) provides for low power consumption. The secu- 
rity module includes a vocoder processor (10) for 
manipulating signals from the telephone's micro- 
phone and to the telephone's ear piece (19); an 
encryption engine (30); a modem processor (20) for 



controlling transmitted and received data from the 
cellular telephone; and a security system controller 
(29). The processors consume virtually no power 
when the phone is in the standby mode and very 
little power to produce encrypted communication 
when the cellular phone is operational. 
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Background of the Invention 

The present invention pertains to secure tele- 
communications and more particularly to security 
systems for cellular telecommunications. 

The current Secure Telephone market has 
mainly involved operation over the public switched 
telephone network using analog phone lines. Cur- 
rently secure telephone products are made up of 
many different technologies (Vocoder, modem, Sig- 
naling, and Encryption) and consume a fair amount 
of power. 

With the wide spread use of portable commu- 
nications, battery life is an important consideration. 
Any additional circuitry in a telecommunication ter- 
minal such as a cellular telephone significantly 
affects the battery life and hence the use of the 
telephone. Security for speech communications is 
highly desirable especially for radio telephones in 
which communications may be readily intercepted. 
Adding circuitry for security, however, affects the 
battery life of the radio telephone and hence the 
radio telephone's ability to be used to transmit and 
receive. 

Battery life is a critical mission parameter for 
many U.S. government applications(i.e. covert, 
search and rescue, etc.) which are mandated with 
the use of secure communications. Commercial 
applications involving secure communications will 
have similar requirements which are fundamental to 
the ergonomics of the radio telephone (i.e. small 
size, portable, etc.). 

Typical security modules for telecommunica- 
tion terminals include accessory attachments which 
are placed in series with the device which is to be 
secured and the target communications medium. 
Prior art examples include security modules for 
plain old telephones, fax machines, and secure 
modems which have been identified in the com- 
mercial marketplace. 

These typical security systems do not provide 
for portability and miniaturization. These problems 
are usually overcome by providing large batteries 
accompanied by a DC-DC converter to provide the 
proper power outputs. The packaging of these de- 
vices are usually put into a briefcase or a small 
portable carrying device. 

Brief Description of the Drawings 

FIG. 1 is a block diagram of a telecommunica- 
tions security module in accordance with the 
present invention. 

FIG. 2 illustrates an isometric view of a security 
module and telephone, in accordance with the pre- 
ferred embodiment of the invention. 



Description of the Preferred Embodiment 

The telecommunications terminal security mod- 
ule may be accomplished by creating a low power 

5 architecture using: 3-volt technology, multi-function 
DSP (digital signal processor), programmable en- 
cryption, and a smart power controller to maintain 
the lowest power profile of the architecture. 

The security module will provide digital encryp- 

w tion of the voice using voice compression, encryp- 
tion, and modem technologies. The block diagram 
below shows the security module. 

Referring to Fig. 1 a block diagram of a secu- 
rity module for a portable telephone in accordance 

75 with a preferred embodiment of the invention. The 
security module consists of four main subsystems: 
a Vocoder/Comsec subsystem processor 11, an 
encryption engine 30, a Modem/Signaling sub- 
system processor 21, and a Security system con- 

20 troller 29. Any or all of these can be integrated into 
a single large scale integration circuit. 

Vocoder processor 10 is coupled to program- 
mable logic 13, RAM 14, and flash ROM 15 and to 
analog codec 12. Vocoder processor 10 is further 

25 coupled to encryption engine 30. 

Modem processor 20 is coupled to modem 
logic 23, RAM 24, flash ROM 25, codec 22, and to 
encryption engine 30. Modem processor 20 is fur- 
ther coupled to security system controller 29. 

30 The microphone (Mic) of telephone 9 and ear 
piece out (Ear Out) are coupled to analog codec 
12. Security system controller 29 is coupled to the 
communication bus of cellular phone 9 for the 
normal transmission and reception of data by the 

35 cellular phone. Analog in and analog out of cellular 
phone 9 are coupled to codec 22. 

The Vocoder/Comsec subsystem 11 is used 
for the compression/de-compression of voice sig- 
nals and performs some of the overall security 

40 functions. It includes a digital signal processor 10, 
memory Flash Read Only Memory (FROM) 15 and 
Random Access Memory (RAM) 14, programmable 
logic 13, and an Analog Codec 12 which performs 
A/D (analog to digital) & D/A (digital to analog) 

45 conversions. The Vocoder processor 10 uses the 
Flash read only memory 15 and Random access 
memory 14 to perform the voice compression and 
decompression computations and passes the com- 
munication security (Comsec) messages over to 

so encryption engine 30. All of the programs are 
downloaded from FROM 15 and run out of RAM 
14. The programmable logic 13 performs the mem- 
ory decoding between the memory and the 
Vocoder processor 10. The programmable logic 13 

55 will also allow for expansion of future capabilities. 
The host port 31 is a parallel port which is a 
communication path between the vocoder proces- 
sor and the encryption engine. 
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The encryption engine 30 is used to perform 
the encryption and decryption on the compressed 
voice signals. It is a low power programmable logic 
circuit such as an ASIC (Application Specific In- 
tegrated Circuit) which is programmed with dif- 
ferent software algorithms from the Vocoder pro- 
cessor 10 and its memory for encryption and de- 
cryption. The encryption engine communicates 
through two different paths: (1) to the communicate 
to the vocoder processor 10 (via host port 31) for 
encryption/decryption of compressed clear text 
voice signals; and (2) to communicate to the 
modem processor 20 (via the programmable logic 
23) for sending/receiving encrypted compressed 
voice to/from the modem's data pump which is 
performed in software by modem processor 20. 

The Modem/Signaling subsystem 21 performs 
the modulation/de-modulation of the encrypted 
compressed voice signals for transport over the 
analog channel. It includes a digital signal proces- 
sor 20, memory (Flash Read Only Memory 25 and 
Random Access Memory 24), programmable logic 
23, and an Analog Codec 22 (performs A/D & D/A). 
The Modem processor 20 uses the Flash read only 
memory 25 and Random access memory 24 to 
perform the modem computations and in- 
sert/renrtove signaling messages from the modem 
traffic. All programs are downloaded from FROM 
25 and run out of RAM 24. The programmable 
logic 23 performs the memory decoding between 
the memory and the Modem processor 20. The 
programmable logic 23 will also perform some of 
the modem's phase lock loop function. The prog- 
rammable logic helps lower parts count and overall 
power. 

Security system controller 29 is a single chip 
micro controller such as a 68HC11 which is used 
for monitoring and controlling the modes of the 
security module. It monitors two buses: (1) the 
external communications bus 34 located in the 
portable radio telephone; and (2) internal commu- 
nications bus 32 to determine the state of security 
module and when to conserve power. 

Programmable logic units 13 and 23 may be 
implemented with an XC series programmable log- 
ic unit manufactured by Xilinx or equivalents, or 
equivalent gate array or collection of small scale 
logic components. Codecs 12 and 22 may com- 
prise a codec unit TLC320AC01 as manufactured 
by the Texas Instruments corporation or equiv- 
alents. Processor 10 and 20 may be implemented 
with a Motorola 56002 digital signal procesor 
(DSP) or equivalent. The flash read only memory 
can also be substituted by EEROM, ROM, or 
equivalents. Encryption engine 30 is a Motorola 
gate array which may execute following algorithms: 
type(1) government classified; type (2) goverment 
contractors/police such as Skipjack or Clipper, type 



(3) commercial may be DES (data encryption stan- 
dard); and type (4) International may be DVI 
(Motorola proprietary) or other proprietary algo- 
rithms. 

5 

Example of Operation 

The security system controller 29 will hold both 
processor subsystems (11 and 21) in an idle mode 
to until the security system controller detects the 
proper command sequence on communications 
bus 34. 

Once the proper sequence is detected then the 
subsystems will be powered up and setup a secure 

75 channel with the far end unit, the remote device 
which communicates with the cellular phone. Once 
the secure channel has been established the voice 
signals from the microphone of the radio telephone 
will be processed. 

20 Voice signals from the radio telephone's micro- 
phone are received on connector 19. The mic 
signal 8 will be routed to the Codec 12 to be 
digitized. The digitized signal is routed into proces- 
sor 10 through a high speed serial communications 

25 bus 17. The digitized voice information is com- 
pressed and routed through host interface bus 31 
on to encryption engine 30 for encryption. The 
encrypted voice is passed on to processor 20 (via 
the serial communications interface 36) where it is 

30 modulated for transmission. The compressed, en- 
crypted, and modulated voice is passed on to 
codec 22 (via serial communications interface 37) 
to be converted to analog signals for transmission 
to the cellular or portable telephone through the 

35 analog out signal 5 on connector 19. 

Simultaneously, analog signals from the porta- 
ble telephone (signals from the microphone in the 
far end unit) are received on the analog In 6 of 
connector 19 and routed to codec 22 where they 

40 are digitized and passed on to processor 20 (via 
serial communications interface 37). These signals 
are demodulated and routed on to encryption en- 
gine 30 (via serial communications interface 36) to 
be de-crypted. The decrypted and compressed 

45 voice information is then passed on from the en- 
cryption engine to processor 10 (through host inter- 
face bus 31) to be decompressed (synthesized). 
The decompressed digitized voice is routed on to 
analog codec 12 (via serial interface 17) for conver- 

50 sion back to an analog voice signal. The analog 
voice signal is sent from analog codec 12 out to 
connector 19 (via the ear out 7 signal) for routing to 
the ear piece of the radio telephone. 

Referring to FIG. 2 an isometric diagram of a 

55 secure low power cellular telephone 45 in accor- 
dance with the present invention is shown. The 
security module 40 is attached to the cellular radio 
telephone 9 between the battery pack 50 and the 



3/21/05, EAST Version: 2.0.1.4 



5 



EP 0 680 171 A2 



6 



cellular phone 9. This will allow the security module 
to draw from the battery and use the internal com- 
munications bus of the cellular radio telephone 9. A 
separate microphone and ear piece may be added 
externally to allow operation in either mode. 

Secure cellular telephone 45 includes a cellular 
phone 9, security module 40, as described in FIG. 
1, and a battery 50. The security module 40 is 
coupled between cellular phone 9 and battery 50. 

The security module 40 connects to a cellular 
or portable radio telephone 9 through a connector 
interface (not shown) which includes: microphone 
and earphone signals for the handset interface, 
analog In/Out leads (5,6) for the radio telephone's 
transceiver interface, and a communications bus 
interface (34) for monitoring the radio phone. 

The security module for a telecommunications 
terminal is an important advance in the art since it 
provides a way to protect sensitive and classified 
information from being intercepted over the air 
waves. As more and more products begin to use 
wireless technologies to communicate, the need for 
security modules will increase as the awareness of 
the user increases. Further the configuration shown 
herein meets the needs of the industry in that it 
supplies a low power security unit for cellular or 
portable phones which will not adversely affect the 
battery life of such phones. 

Although the preferred embodiment of the in- 
vention has been illustrated, and that form de- 
scribed in detail, it will be readily apparent to those 
skilled in the art that various modifications may be 
made therein without departing from the spirit of 
the invention or from the scope of the appended 
claims. 

Claims 

1. A telephone security module comprising: 

a first processor (11) which provides for 
compressing and decompressing digital voice 
data; 

an encryption engine (30) for encrypting 
and decrypting said compressed and decom- 
pressed digital voice data, said encryption en- 
gine coupled to said first processor; 

a second processor (21) for converting en- 
crypted digital compressed voice data to en- 
crypted analog compressed voice data and for 
converting encrypted analog compressed voice 
data to encrypted digital compressed voice 
data, said second processor coupled to said 
encryption engine; and 

a security system controller (29) for trans- 
mitting status and receiving commands to con- 
trol operation of said first and second proces- 
sors. 
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2. A telephone security module as claimed in 
claim 1, wherein said first processor includes 
processor means (10) for controlling said com- 
pressing and decompressing of said digital 

5 voice data. 

3. A telephone security module as claimed in 
claim 2, wherein said first processor further 
includes memory means (14-15) for performing 

70 and storing the results of the compressing and 

decompressing of said digital voice data, said 
memory means coupled to said processor 
means. 

75 4. A telephone security module as. claimed in 
claim 3, wherein said first processor further 
includes logic means for controlling (13) mem- 
ory decoding between said memory means 
and said processor means, said logic means 

20 coupled to said processor means and to said 

memory means. 

5. A telephone security module as claimed in 
claim 2, wherein said processor means further 

25 includes analog codec means (12) for convert- 

ing analog voice data to said digital voice data 
and for converting said digital voice data to 
said analog voice data, said analog codec 
means coupled to said processor means. 

30 

6. A telephone security module as claimed in 
claim 2, wherein there is further included a 
parallel port (31) for coupling of said encryp- 
tion engine with said processor means. 

35 

7. A telephone security module as claimed in 
claim 1, wherein said second processor in- 
cludes processor means (20) for controlling 
conversion of said encrypted compressed digi- 

40 tal voice data to encrypted compressed analog 

voice data and for controlling conversion of 
said encrypted compressed analog voice data 
to said encrypted compressed digital voice 
data, said processor means coupled to said 

45 encryption engine. 

6. A telephone security module as claimed in 
claim 7, wherein said first processor further 
includes memory means (24-25) for performing 
so and storing the results of said conversions, 

said memory means coupled to said processor 
means. 

9. A telephone security module as claimed in 
55 claim 8, wherein said first processor further 

includes logic means for controlling (23) mem- 
ory decoding between said memory means 
and said processor means, said logic means 

/ersion: 2.0.1.4 
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coupled to said processor means and to said 
memory means. 

10. A telephone security module as claimed in 
claim 7, wherein said second processor further 5 
includes codec means (22) for converting said 
encrypted compressed analog voice data to 
encrypted compressed digital voice data and 
for converting encrypted compressed digital 
voice data to encrypted compressed analog io 
voice data, said codec coupled to said proces- 
sor means. 
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